From db87703967f598091a63d05c3dc2c2e2d1d927c0 Mon Sep 17 00:00:00 2001 From: MadSquirrel Date: Mon, 8 Apr 2024 08:32:50 +0200 Subject: [PATCH 1/2] Correct attribute name to be the same used by Android --- androguard/core/axml/__init__.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/androguard/core/axml/__init__.py b/androguard/core/axml/__init__.py index b221253a..59cbc529 100644 --- a/androguard/core/axml/__init__.py +++ b/androguard/core/axml/__init__.py @@ -821,14 +821,15 @@ class AXMLParser: res = self.sb[name] # If the result is a (null) string, we need to look it up. - if not res or res == ":": + if name <= len(self.m_resourceIDs): attr = self.m_resourceIDs[name] if attr in public.SYSTEM_RESOURCES['attributes']['inverse']: res = 'android:' + public.SYSTEM_RESOURCES['attributes']['inverse'][attr] - else: - # Attach the HEX Number, so for multiple missing attributes we do not run - # into problems. - res = 'android:UNKNOWN_SYSTEM_ATTRIBUTE_{:08x}'.format(attr) + + if not res or res == ":": + # Attach the HEX Number, so for multiple missing attributes we do not run + # into problems. + res = 'android:UNKNOWN_SYSTEM_ATTRIBUTE_{:08x}'.format(attr) return res def getAttributeValueType(self, index): From 293d85b29ef9c63896c0da67fd8824e3f8cf9fbe Mon Sep 17 00:00:00 2001 From: MadSquirrel Date: Mon, 8 Apr 2024 21:39:38 +0200 Subject: [PATCH 2/2] Fix test case --- androguard/core/axml/__init__.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/androguard/core/axml/__init__.py b/androguard/core/axml/__init__.py index 59cbc529..94b0143e 100644 --- a/androguard/core/axml/__init__.py +++ b/androguard/core/axml/__init__.py @@ -380,6 +380,7 @@ class AXMLParser: self.axml_tampered = False self.buff = io.BufferedReader(io.BytesIO(raw_buff)) self.buff_size = self.buff.raw.getbuffer().nbytes + self.packerwarning = False # Minimum is a single ARSCHeader, which would be a strange edge case... if self.buff_size < 8: 
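Review bot: In the `@@ -821,14 +821,15 @@` hunk (PATCH 1/2), `if name <= len(self.m_resourceIDs):` admits `name == len(self.m_resourceIDs)`, so the next line `attr = self.m_resourceIDs[name]` raises IndexError; the bound should be `if name < len(self.m_resourceIDs):`. The fallback that was moved out of that branch still formats `attr`, which is unbound whenever the bounds check fails, so an empty string-pool entry with an out-of-range index ends in UnboundLocalError instead of an `UNKNOWN_SYSTEM_ATTRIBUTE` name. Both values presumably come from the file being parsed, so a malformed manifest could abort analysis at this point. Setting `attr = None` before the check and formatting `name` in the fallback when `attr` is still `None` would cover every path. PATCH 2/2 keeps the `<=` line unchanged as context, and the method starts outside the hunk.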
@@ -824,7 +825,10 @@ class AXMLParser: if name <= len(self.m_resourceIDs): attr = self.m_resourceIDs[name] if attr in public.SYSTEM_RESOURCES['attributes']['inverse']: - res = 'android:' + public.SYSTEM_RESOURCES['attributes']['inverse'][attr] + res = public.SYSTEM_RESOURCES['attributes']['inverse'][attr].replace("_", + ":") + if res != self.sb[name]: + self.packerwarning = True if not res or res == ":": # Attach the HEX Number, so for multiple missing attributes we do not run @@ -1047,7 +1051,7 @@ class AXMLPrinter: :returns: True if packer detected, False otherwise """ - return self.packerwarning + return self.packerwarning or self.axml.packerwarning def _get_attribute_value(self, index): """
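Review bot: In the `@@ -824,7 +825,10 @@` hunk, `.replace("_", ":")` rewrites every underscore, so a table entry whose attribute name itself contains one (Android has names such as `layout_width`) would come back with extra colons. If the table stores names as `android_<name>`, which this diff does not show, `.replace("_", ":", 1)` limits the rewrite to the prefix separator. The new `if res != self.sb[name]:` check compares that prefixed name with the raw string-pool entry, so if pool entries normally carry no `android:` prefix, `packerwarning` would be set for ordinary files and stop being a useful signal; this should be confirmed against a non-packed sample. A comment such as `# string-pool name disagrees with the name implied by the resource ID` would record why the mismatch is treated as a packer indicator.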
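Review bot: In the `@@ -1047,7 +1051,7 @@` hunk, the docstring above `return self.packerwarning or self.axml.packerwarning` still describes only the printer's own detection and should mention that the result now also includes the parser's flag. As far as this diff shows, that flag is set only inside the parser's attribute-name lookup, so it reflects only attributes already resolved when this method is called. Suggested docstring addition: `Also True when the parser saw an attribute name that differs from the name implied by its resource ID.` The method's signature is outside the hunk.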